A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 

earned patent term adjustment. See 37 CFR 1.704(b). 

1) ☒ Responsive to communication(s) filed on 25 September 2001. 
2a) □ This action is FINAL. 2b) ☒ This action is non-final. 

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

4) 0 Claim(s) is/are pending in the application. 
6) ☒ Claim(s) 1-43 is/are rejected. 
8) □ Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) □ The specification is objected to by the Examiner. 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment(s) 

1) ☒ Notice of References Cited (PTO-892) 
2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) 
3) □ Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) Paper No(s)/Mail Date . 
4) □ Interview Summary (PTO-413) Paper No(s)/Mail Date . 
5) □ Notice of Informal Patent Application (PTO-152) 
6) □ Other: . 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 2 



Application/Control Number: 09/800,754 
Art Unit: 2134 






DETAILED ACTION 



Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 11-16, 18-29, 31, 33, 42, 43 rejected under 35 U.S.C. 102(b) as being 
anticipated by Poisson et al., US Patent No 6701358 (hereafter referred to as '358). 
As to claim(s) 11, 25, 26, 27, 28, 33: 

3. '358 teaches a remote VPN configuration system allowing for on-the-fly 
configuration/modification of VPN network switches from a master comprising 
generating properties for first security device to direct the participation of first/second 
security device and distributing properties generated for the first security device to the 
first/second security device / Transmitting/configuring the configuration information to/at 
each switch (Col 3, Lines 43-45, '358), after being configured the VPN permits secure 
communication between a first/second computer in first/second private networks (Col 3, 
Line 46-50, '358). 



4. As to claim(s) 12: 

Properties generated for first device are distinct from second security device / list of 
network links 222 that enable an administrator to manually configure an individual 
extranet switch (Col 7, Line 60-62, '358) 

5. As to claim(s) 13: 

Generated properties are adopted by both security devices to establish virtual private 
network / after being configured the VPN permits secure communication between a 
first/second computer in first/second private networks (Col 3, Line 46-50, '358). 

6. As to claim(s) 14: 

Transmitting the generated properties to the security devices in response to inquiries 
from the security devices / Request/response update model (Col 6, Line 66-67, '358) 

7. As to claim(s) 15: 

Transmitting the generated properties to the security devices / transmitting the 
configuration information to/at each switch (Col 3, Lines 43-45, '358) 

8. As to claim(s) 16: 

Receiving a single set of VPN specifications in the server computer system without any 
user input subsequent to receiving specifications / After input of VPN properties, 
properties are transmitted/configured to/at switches (Col 2, Lines 10-17, '358) 

9. As to claim(s) 18: 

Properties include security properties related to data traveling in the virtual private 
network / Switch properties include encryption schemes (Col 3, Line 31, '358) 

10. As to claim(s) 19: 

Security properties specify encryption parameters / Switch properties include encryption 
schemes (Col 3, Line 31, '358) 

11. As to claim(s) 20: 

Generated properties include resource properties relating to sources and destinations in 
the private networks / defining a common domain for multiple switches, refer to 
source/destination switches by domain name and hostname (Col 5, Line 17-20, '358) 

12. As to claim(s) 21: 

Resource properties specify addresses of network nodes within the private networks 
that send and receive data / defining a common domain for multiple switches, refer to 
source/destination switches by domain name and hostname (Col 5, Line 17-20, '358) 

13. As to claim(s) 22: 

Generated properties include service properties relating to classes of data that may 
travel in the virtual private network / the administrator can also enable or disable 
different communication protocols such as http, snmp, ftp... (Col 5, Line 34-37, '358) 

14. As to claim(s) 23: 

Service properties specify network protocols / the administrator can also enable or 
disable different communication protocols such as http, snmp, ftp... (Col 5, Line 34-37, 
'358) 

15. As to claim(s) 24: 

Performing the generating and distributing for one or more additional security devices to 
establish the VPN / the manager can bulk configure multiple extranet switches (Col 2, 
Line 61-62, '358) 

16. As to claim(s) 29: 

At least one of the managed computer systems is a dedicated network security device / 
extranet switches enforce rules that maintain a secure virtual private network (Col 3, 
Line 18-20, '358) 

17. As to claim(s) 31: 

Caching the managed properties until delivery / copied from configuration information of 
a previously configured switch (Col 4, Line 21-22, '358) 



18. As to claim(s) 42: 

Locally managed properties and remotely-managed properties / The bulk configuration 
information can be specified by a user, provided by a program that automatically 
configures switches, or copied from configuration information of a previously configured 
switch (Col 6, Line 19-23, '358) 

Manager computer system communicatively connected to the distinguished computer 
system which manages the remotely-managed properties / VPN manager (Fig 1, 
Element 116, '358) 

19. As to claim(s) 43: 

Computing system is a specialized network security device / extranet switches enforce 
rules that maintain a secure virtual private network (Col 3, Line 18-20, '358) 

Claim Rejections - 35 USC § 103 

20. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

21. Claims 1, 5, 8, 9, 17, 30, 34-41 rejected under 35 U.S.C. 103(a) as being 
unpatentable over '358 

22. As to claim(s) 1, 5, 17, 30, 34-41: 

'358 teaches a remote VPN configuration system allowing for on-the-fly 
configuration/modification of VPN network switches comprising: 

• Maintaining a set of current properties on the subject computer / An extranet 
switch manager provides administrators with a tool that centralizes management 
of different extranet switches in a virtual private network (Col 2, Line 58-60, '358) 

• Receiving new subject computer properties in helper computer / Transmitting 
current properties from subject computer to helper computer / The bulk 
configuration information can be specified by a user, provided by a program that 
automatically configures switches, or copied from configuration information of a 
previously configured switch (Col 6, Line 19-23, '358) 

• Transmitting new properties to subject computer / In subject computer adopting 
the new/current merged properties / transmitting/configuring the configuration 
information to/at each switch (Col 3, Lines 43-45, '358) 

23. Although '358 teaches the functionality of copying all properties from a switch and 
modifying properties of a switch, '358 does not specifically teach to 
update a switch with a modification of the copy/template from the switch. It would have 
been obvious to a person of ordinary skill in the art at the time of invention to combine 
the steps of copying all properties from a switch and modifying properties of a switch as 
stated in '358. One of ordinary skill in the art would have been motivated to combine 
these steps because this would save steps and time for the administrator system in 
performing these actions together. 

As to claim(s) 8: 

24. '358 as modified above teaches a remote VPN configuration system allowing for 
the combined steps of copying/merging the complete set of properties from a switch. 
'358 further teaches the use of a periodic update scheme and a request/response 
update scheme (Col 6-7, Lines 66-2, '358). '358 as modified above does not 
specifically teach for the receiving computer to initiate the periodic update function. It 
would have been obvious to a person of ordinary skill in the art at the time of invention 
to combine the request/response update initiation with the periodic update initiation 
stated in the invention of '358. It would have been obvious to a person of ordinary skill 
in the art at the time of invention to combine the request/response update initiation with 
the periodic update initiation stated in the invention of '358 because the requesting 
computer has the functionality and the combination provides an alternative for 
accomplishing the same result. 

25. As to claim(s) 9: 

Merged properties include instruction to adopt the merged properties / the reception of 
requested update properties can be defined as an instruction to adopt 

26. Claims 2, 10, 32 rejected under 35 U.S.C. 103(a) as being unpatentable over '358 in 
view of West et al., US Patent No 5528602 (hereafter referred to as '602). 

As to claim(s) 2, 10, 32: 

27. '358 as modified above teaches a remote VPN configuration system allowing for 
the combined steps of copying the complete set of properties from a switch and 
modifying the settings. '358 does not teach to generate a digest of the modified and 
current properties or compare the digests. '602 teaches creating/comparing digest 
checksums to compare the values of computer subsystem properties. It would have 
been obvious to a person of ordinary skill in the art at the time of invention to 
create/compare digest checksums to compare the values of computer subsystem 
properties as done in '602 in the invention of '358. One of ordinary skill in the art would 
have been motivated to create/compare digest checksums to compare the values of 
computer subsystem properties as done in '602 in the invention of '358 because doing 
so would determine whether the switch already contained the updated properties saving 
updating time. 

28. Claims 3, 4, 6, 7 rejected under 35 U.S.C. 103(a) as being unpatentable over 
'358 in view of '602 in further view of Bruce Schneier, "Applied Cryptography". 

As to claim(s) 3, 4: 

29. '358 as modified above teaches a remote VPN configuration system allowing for 
the combined steps of copying/modifying the complete set of properties from a switch 
and using a digest checksum to determine property equivalence. '358 as modified 
above does not teach for the checksum digests to be generated from a hashing function 
such as MD5. Schneier teaches the use of hashing functions such as MD5 to produce 
a value that indicates whether a candidate pre-image is likely to be the same as the real 
pre-image (Page 30, Line 25 et seq., Schneier), (Page 429, 436, Schneier). It would 
have been obvious to a person of ordinary skill in the art at the time of invention to use 
the MD5 hashing function as taught by Schneier in the invention of '358 as modified 
above. One of ordinary skill in the art would have been motivated to use the MD5 
hashing function as taught by Schneier in the invention of '358 as modified above 
because MD5 represents a cryptographically secure version of digest checksum which 
is much less likely to produce a collision. 

30. As to claim(s) 6: 

Deleting properties in the copy of current properties identified by administrative 
properties among the current properties / as broadly as defined, any properties that are 
not modified identify properties that are modified, and can be defined as administrative. 
See rejection for claim 1. 

31. As to claim(s) 7: 

Adding to current properties administrative properties identifying other properties added 
to the current properties / When a current property configuration is updated, the copy of 
properties that is modified constitutes administrative properties before modification. See 
rejection for claim 6. 



Conclusion 

32. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jonathan R Adams whose telephone number is 
(571) 272-3832. The examiner can normally be reached on Monday - Friday from 10am 
to 6pm. 

33. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse, can be reached on (703) 308-4789. The fax phone number 
for the organization where this application or proceeding is assigned is (571) 272-3838. 
Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 